Operation So-seki: Investigating Pro-Russian Hacktivist DDoS Attacks

Explore the findings and lessons learned from an investigation into a pro-Russian hacktivist group in this 42-minute conference talk from BSidesLV. Delve into "Operation So-seki," a year-long tracking effort of DDoS attacks conducted by a group tentatively called X. Discover how the scale and targets of these attacks have expanded since March 2022. Learn about the botnet client tool used by X and the mechanism of their command and control (C2). Gain insights into the automated process of collecting DDoS target information and the analysis of over 1,000 attacks through botnet monitoring and infrastructure tracking using net flow. Explore the cross-analysis findings, methods for analyzing and tracking infrastructures, the operators behind X, their tactics, techniques, and procedures (TTPs), DDoS countermeasure techniques, and valuable lessons learned from dealing with DDoS hacktivist groups. Presented by Kaichi Sameshima, Atsushi Kanda, and Ryo Minakawa, this talk offers a comprehensive look at cybersecurity threats and defensive strategies.